ApPHP Calendar XSS - CSRF

2010-09-02T00:00:00
ID SECURITYVULNS:DOC:24656
Type securityvulns
Reporter Securityvulns
Modified 2010-09-02T00:00:00

Description

Vendor: ApPHP

Affected versions: All

Script: ApPHP Calendar

URL: http://www.apphp.com/php-calendar/index.php

Vulnerability type: XSS - CSRF

Risk rating: Medium

[Exploit]

Attack: XSS - CSRF in calendar.php via POST

Vulnerable file: calendar.class.php

Vulnerable parameters:

- category_name

- category_description

- event_name

- event_description

[Solution]

The vulnerable parameters need to be sanitized.
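
One way to apply this fix, as an added example that is not ApPHP Calendar code: a POST handler that verifies a per-session anti-CSRF token and HTML-encodes the four reported parameters on output. The function names, the `csrf_token` session and form key, and the page layout are assumptions; only the four field names come from this advisory.

```php
<?php
declare(strict_types=1);

// Hypothetical handler for illustration; not taken from calendar.class.php.
// The four field names below are the parameters listed in the advisory.
const TEXT_FIELDS = ['category_name', 'category_description', 'event_name', 'event_description'];

// One random token per session, embedded in every state-changing form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Accept a POST only if it carries the session's token (constant-time compare).
function csrf_check(array $post): bool
{
    $sent  = $post['csrf_token'] ?? '';
    $known = $_SESSION['csrf_token'] ?? '';
    return is_string($sent) && $known !== '' && hash_equals($known, $sent);
}

// Encode at output time so submitted markup renders as inert text.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Keep only the expected fields and force each to a trimmed string.
function read_fields(array $post): array
{
    $clean = [];
    foreach (TEXT_FIELDS as $name) {
        $raw = $post[$name] ?? '';
        $clean[$name] = is_string($raw) ? trim($raw) : '';
    }
    return $clean;
}

session_start();
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (!csrf_check($_POST)) {
        http_response_code(403);
        exit('Invalid request token');
    }
    $fields = read_fields($_POST);
    echo '<h3>' . e($fields['event_name']) . '</h3><p>' . e($fields['event_description']) . '</p>';
} else {
    echo '<form method="post"><input type="hidden" name="csrf_token" value="' . e(csrf_token()) . '">'
       . '<input name="event_name"><textarea name="event_description"></textarea><button>Save</button></form>';
}
```

The encoding has to be applied wherever these values are rendered, including pages that read them back from storage, since input submitted before the fix may already be stored.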

[Credits]

Edgard Chammas [454447415244]

edgard.chammas@balamand.edu.lb